How to Get A Headstart on Apple’s Privacy Manifests

24 May 2024

In light of the extensive privacy debates of recent years, global companies are formulating new ways to approach privacy and its implementation in business. From May 1st, 2024, Apple is introducing new privacy changes – a privacy policy that will require all developers to attach a privacy manifest file, describing the data that is collected by the app and providing valid reasons for the use of its API.

So, What Are Privacy Manifests?

Essentially, a privacy manifest is a new-age tool that can provide more clarity for users and developers. A tool that can help identify your app’s dependency's privacy practices. It is a file that allows apps or third-party SDK developers to share information about the way they approach privacy. It comes in the form of a `plist` file, recording the data that is collected in the app.

It shows the type of data an SDK collects, how the data is used, any links to users, and if this information is used for tracking (Apple also has an App Tracking Transparency policy). A privacy manifest can also record data collected by third-party SDKs. How does it provide detailed reasoning? For each API that requires justification for its use, the file lists the reasons for the use.

The Deadlines and Requirements

Starting with March 13th, Apple has already contacted app developers, urging them to implement privacy manifests in the updated versions. That was the first timestamp of this process. Now, from May 1st, all new and updated apps headed to the app store will require a privacy manifest to be approved.

This includes all IOS-based apps, including tvOS, iPad OS, and even the latest VisionOS – all of which can be found in the App Store. This also includes all new or updated apps that will have a new third-party SDK (or the common ones too will become a breeze for developers.

Benefits for All

These privacy manifests are a great tool that are bound to change the global developers’ approach to privacy for the better, which will inevitably impact user experience as a result. Privacy manifests can help developers communicate and adhere to rules, creating more transparent and safe apps for the AppStore.

Moreover, now that all third-party SDKs from a single app can be summarized in one privacy manifest report, the task of creating accurate Privacy Nutrition Labels.

Creating the Privacy Manifest File

You can start the process straight away – all you have to do is open Xcode 15 and select:

File -> New -> File

  1. Then go to IOS, and select App Privacy from the Resource section in the panel. Press Next.

  2. Choose your destination Folder – this is where the file will be saved. It will be named `PrivacyInfo.xcprivacy` by default.

If you need your third-party SDK to be shared as a Static Library, you can use Xcode to bundle resources, including the privacy manifest file. Create a framework target in Xcode, select "Static Library," as its Mach-O type, and add the privacy manifest and other resources to the bundle. Done.

3. After saving, an Xcode Editor window will pop up on your screen for the file you saved above. Select the App Privacy Configuration entry, and add it by clicking the plus button on the right.

Now, these are the steps for adding new Privacy Accessed API Type entries and new Privacy Accessed API Reasons.

  1. Continuing from step 3, click on the Privacy Accessed API Types entry. Here, you need to select the Item 0 entry and click the ‘add’ button.

  2. Click on Privacy Accessed API Type, and set the entry value to File Timestamp.

  3. Click on Item 0 once more to add Privacy Accessed API Reasons.

  4. Select Item 0 under Privacy API Reasons, and set its value to what you need.

From here on, to add new entries, all you need to do is repeat the 4 steps described above, and each time, add new values. In case you need extra Reasons/Categories for your app because of other libraries and plug-ins, those need to be in the manifest too.

Time for a privacy report

Luckily, Xcode can help you gather all the declared data from the privacy manifests into one single report, which comes incredibly useful in the case of a review. It comes as a PDF and looks something like the Privacy Nutrition Labels we mentioned before. To generate one, select Product, and then Archive, and select Generate Privacy Report.

To Sum Up

Now, there are numerous APIs for required reasons and collected data types that developers have to record according to Apple’s new Privacy Manifests policy, but we can get into those in another article. Overall, this initiative is great – it will allow the App Store to conduct a more thorough selection process in terms of privacy and safety, users will have a safer and more transparent experience, and developers… Well, it will take some getting used to. But it’s all for the sake of safety.